Bug 8326 - WinXP cannot join a Samba3 domain with a 'even' hostname
WinXP cannot join a Samba3 domain with a 'even' hostname
Product: Samba 3.6
Classification: Unclassified
Component: Domain Control
All All
: P5 regression
: ---
Assigned To: Karolin Seeger
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2011-07-27 02:56 UTC by Andrew Bartlett
Modified: 2011-07-29 19:02 UTC (History)
0 users

See Also:

Fixed patch for 3.6 (978 bytes, patch)
2011-07-27 02:56 UTC, Andrew Bartlett
jra: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2011-07-27 02:56:49 UTC
Created attachment 6717 [details]
Fixed patch for 3.6

There is an alignment bug in our NBT netlogon code, addressed by the attached bug.  Without this patch, it is not possible to join a WinXP machine to Samba3 running on a host named 'obed'.

The issue is that 'obed' has 4 characters.  It is speculated that a hostname with 5 characters would work.
Comment 1 Jeremy Allison 2011-07-27 18:06:18 UTC
Comment on attachment 6717 [details]
Fixed patch for 3.6

Looking at master I see that flag(NDR_NOALIGN) is set for both 'struct nbt_netlogon_response_from_pdc' and 'struct nbt_netlogon_response2'.

Does this need to be set on both response structs ?
Comment 2 Andrew Bartlett 2011-07-27 20:59:43 UTC
Code inspection shows this in 3.6 nmbd_processlogon.c:

		response2.command	= LOGON_RESPONSE2;
		response2.pdc_name	= pdc_name;
		response2.lm20_token	= 0xffff;

		response.response_type = NETLOGON_RESPONSE2;
		response.data.response2 = response2;

		status = push_nbt_netlogon_response(&blob_out, talloc_tos(), &response);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0,("process_logon_packet: failed to push packet\n"));

and this in 3.5 nmbd_processlogon.c:

				q = outbuf;
				SSVAL(q, 0, 6);
				q += 2;

				fstrcpy(reply_name, "\\\\");
				fstrcat(reply_name, my_name);
				size = push_ascii(q,reply_name,
						sizeof(outbuf)-PTR_DIFF(q, outbuf),
				if (size == (size_t)-1) {
				q = skip_string(outbuf,sizeof(outbuf),q); /* PDC name */

				SSVAL(q, 0, token);
				q += 2;

I therefore conclude that the NOALIGN is valid in the nbt_netlogon_response2 case, as there is no alignment in the manual generator in 3.5.

Naturally the correct fix for this is a testsuite, comparing sampled binary blobs with our runtime NDR parsed output.  I'm happy to write such a test, but any assistance collecting samples would be very valuable.
Comment 3 Jeremy Allison 2011-07-27 21:17:30 UTC
Thanks a lot for the assessment Andrew. I agree a testsuite is the best way forward, but in the meantime I'll ok this change for 3.6.0.

Cheers & thanks !

Comment 4 Jeremy Allison 2011-07-27 21:48:34 UTC
Re-assigning to Karolin for inclusion in 3.6.0 final.
Comment 5 Karolin Seeger 2011-07-29 19:02:04 UTC
Pushed to v3-6-test.
Closing out bug report.